@blamejs/exceptd-skills 0.14.27 → 0.14.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +3 -3
- package/data/_indexes/catalog-summaries.json +8 -8
- package/data/_indexes/chains.json +514 -0
- package/data/_indexes/frequency.json +1 -0
- package/data/attack-techniques.json +11 -1
- package/data/cve-catalog.json +421 -0
- package/data/cwe-catalog.json +31 -0
- package/data/framework-control-gaps.json +28 -0
- package/data/zeroday-lessons.json +280 -0
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +22 -22
|
@@ -7,6 +7,482 @@
|
|
|
7
7
|
"CWE"
|
|
8
8
|
]
|
|
9
9
|
},
|
|
10
|
+
"CVE-2025-0282": {
|
|
11
|
+
"name": "Ivanti Connect Secure / Policy Secure / Neurons for ZTA stack-overflow preauth RCE",
|
|
12
|
+
"rwep": 85,
|
|
13
|
+
"cvss": 9,
|
|
14
|
+
"cisa_kev": true,
|
|
15
|
+
"epss_score": 0.94129,
|
|
16
|
+
"referencing_skills": [
|
|
17
|
+
"kernel-lpe-triage",
|
|
18
|
+
"coordinated-vuln-disclosure"
|
|
19
|
+
],
|
|
20
|
+
"chain": {
|
|
21
|
+
"cwes": [
|
|
22
|
+
{
|
|
23
|
+
"id": "CWE-125",
|
|
24
|
+
"name": "Out-of-bounds Read",
|
|
25
|
+
"category": "Memory Safety"
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
"id": "CWE-1357",
|
|
29
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
30
|
+
"category": "Supply Chain"
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
"id": "CWE-362",
|
|
34
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
35
|
+
"category": "Concurrency"
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
"id": "CWE-416",
|
|
39
|
+
"name": "Use After Free",
|
|
40
|
+
"category": "Memory Safety"
|
|
41
|
+
},
|
|
42
|
+
{
|
|
43
|
+
"id": "CWE-672",
|
|
44
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
45
|
+
"category": "Memory Safety"
|
|
46
|
+
},
|
|
47
|
+
{
|
|
48
|
+
"id": "CWE-787",
|
|
49
|
+
"name": "Out-of-bounds Write",
|
|
50
|
+
"category": "Memory Safety"
|
|
51
|
+
}
|
|
52
|
+
],
|
|
53
|
+
"atlas": [],
|
|
54
|
+
"d3fend": [
|
|
55
|
+
{
|
|
56
|
+
"id": "D3-ASLR",
|
|
57
|
+
"name": "Address Space Layout Randomization",
|
|
58
|
+
"tactic": "Harden"
|
|
59
|
+
},
|
|
60
|
+
{
|
|
61
|
+
"id": "D3-EAL",
|
|
62
|
+
"name": "Executable Allowlisting",
|
|
63
|
+
"tactic": "Harden"
|
|
64
|
+
},
|
|
65
|
+
{
|
|
66
|
+
"id": "D3-PHRA",
|
|
67
|
+
"name": "Process Hardware Resource Access",
|
|
68
|
+
"tactic": "Isolate"
|
|
69
|
+
},
|
|
70
|
+
{
|
|
71
|
+
"id": "D3-PSEP",
|
|
72
|
+
"name": "Process Segment Execution Prevention",
|
|
73
|
+
"tactic": "Harden"
|
|
74
|
+
}
|
|
75
|
+
],
|
|
76
|
+
"framework_gaps": [
|
|
77
|
+
{
|
|
78
|
+
"id": "CIS-Controls-v8-Control7",
|
|
79
|
+
"framework": "CIS Controls v8",
|
|
80
|
+
"control_name": "Continuous Vulnerability Management"
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
84
|
+
"framework": "ISO/IEC 27001:2022",
|
|
85
|
+
"control_name": "Management of technical vulnerabilities"
|
|
86
|
+
},
|
|
87
|
+
{
|
|
88
|
+
"id": "NIS2-Art21-patch-management",
|
|
89
|
+
"framework": "EU NIS2 Directive",
|
|
90
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
91
|
+
},
|
|
92
|
+
{
|
|
93
|
+
"id": "NIST-800-218-SSDF",
|
|
94
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
95
|
+
"control_name": "Secure Software Development Framework"
|
|
96
|
+
},
|
|
97
|
+
{
|
|
98
|
+
"id": "NIST-800-53-SC-8",
|
|
99
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
100
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
101
|
+
},
|
|
102
|
+
{
|
|
103
|
+
"id": "NIST-800-53-SI-2",
|
|
104
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
105
|
+
"control_name": "Flaw Remediation"
|
|
106
|
+
},
|
|
107
|
+
{
|
|
108
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
109
|
+
"framework": "PCI DSS 4.0",
|
|
110
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
111
|
+
},
|
|
112
|
+
{
|
|
113
|
+
"id": "SOC2-CC9-vendor-management",
|
|
114
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
115
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
116
|
+
}
|
|
117
|
+
],
|
|
118
|
+
"attack_refs": [
|
|
119
|
+
"T1068",
|
|
120
|
+
"T1548.001"
|
|
121
|
+
],
|
|
122
|
+
"rfc_refs": [
|
|
123
|
+
"RFC-4301",
|
|
124
|
+
"RFC-4303",
|
|
125
|
+
"RFC-7296"
|
|
126
|
+
]
|
|
127
|
+
}
|
|
128
|
+
},
|
|
129
|
+
"CVE-2025-22457": {
|
|
130
|
+
"name": "Ivanti Connect Secure / Policy Secure / ZTA Gateways stack-overflow preauth RCE (weaponized follow-on)",
|
|
131
|
+
"rwep": 83,
|
|
132
|
+
"cvss": 9,
|
|
133
|
+
"cisa_kev": true,
|
|
134
|
+
"epss_score": 0.58941,
|
|
135
|
+
"referencing_skills": [
|
|
136
|
+
"kernel-lpe-triage",
|
|
137
|
+
"coordinated-vuln-disclosure"
|
|
138
|
+
],
|
|
139
|
+
"chain": {
|
|
140
|
+
"cwes": [
|
|
141
|
+
{
|
|
142
|
+
"id": "CWE-125",
|
|
143
|
+
"name": "Out-of-bounds Read",
|
|
144
|
+
"category": "Memory Safety"
|
|
145
|
+
},
|
|
146
|
+
{
|
|
147
|
+
"id": "CWE-1357",
|
|
148
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
149
|
+
"category": "Supply Chain"
|
|
150
|
+
},
|
|
151
|
+
{
|
|
152
|
+
"id": "CWE-362",
|
|
153
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
154
|
+
"category": "Concurrency"
|
|
155
|
+
},
|
|
156
|
+
{
|
|
157
|
+
"id": "CWE-416",
|
|
158
|
+
"name": "Use After Free",
|
|
159
|
+
"category": "Memory Safety"
|
|
160
|
+
},
|
|
161
|
+
{
|
|
162
|
+
"id": "CWE-672",
|
|
163
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
164
|
+
"category": "Memory Safety"
|
|
165
|
+
},
|
|
166
|
+
{
|
|
167
|
+
"id": "CWE-787",
|
|
168
|
+
"name": "Out-of-bounds Write",
|
|
169
|
+
"category": "Memory Safety"
|
|
170
|
+
}
|
|
171
|
+
],
|
|
172
|
+
"atlas": [],
|
|
173
|
+
"d3fend": [
|
|
174
|
+
{
|
|
175
|
+
"id": "D3-ASLR",
|
|
176
|
+
"name": "Address Space Layout Randomization",
|
|
177
|
+
"tactic": "Harden"
|
|
178
|
+
},
|
|
179
|
+
{
|
|
180
|
+
"id": "D3-EAL",
|
|
181
|
+
"name": "Executable Allowlisting",
|
|
182
|
+
"tactic": "Harden"
|
|
183
|
+
},
|
|
184
|
+
{
|
|
185
|
+
"id": "D3-PHRA",
|
|
186
|
+
"name": "Process Hardware Resource Access",
|
|
187
|
+
"tactic": "Isolate"
|
|
188
|
+
},
|
|
189
|
+
{
|
|
190
|
+
"id": "D3-PSEP",
|
|
191
|
+
"name": "Process Segment Execution Prevention",
|
|
192
|
+
"tactic": "Harden"
|
|
193
|
+
}
|
|
194
|
+
],
|
|
195
|
+
"framework_gaps": [
|
|
196
|
+
{
|
|
197
|
+
"id": "CIS-Controls-v8-Control7",
|
|
198
|
+
"framework": "CIS Controls v8",
|
|
199
|
+
"control_name": "Continuous Vulnerability Management"
|
|
200
|
+
},
|
|
201
|
+
{
|
|
202
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
203
|
+
"framework": "ISO/IEC 27001:2022",
|
|
204
|
+
"control_name": "Management of technical vulnerabilities"
|
|
205
|
+
},
|
|
206
|
+
{
|
|
207
|
+
"id": "NIS2-Art21-patch-management",
|
|
208
|
+
"framework": "EU NIS2 Directive",
|
|
209
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
210
|
+
},
|
|
211
|
+
{
|
|
212
|
+
"id": "NIST-800-218-SSDF",
|
|
213
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
214
|
+
"control_name": "Secure Software Development Framework"
|
|
215
|
+
},
|
|
216
|
+
{
|
|
217
|
+
"id": "NIST-800-53-SC-8",
|
|
218
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
219
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
220
|
+
},
|
|
221
|
+
{
|
|
222
|
+
"id": "NIST-800-53-SI-2",
|
|
223
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
224
|
+
"control_name": "Flaw Remediation"
|
|
225
|
+
},
|
|
226
|
+
{
|
|
227
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
228
|
+
"framework": "PCI DSS 4.0",
|
|
229
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
230
|
+
},
|
|
231
|
+
{
|
|
232
|
+
"id": "SOC2-CC9-vendor-management",
|
|
233
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
234
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
235
|
+
}
|
|
236
|
+
],
|
|
237
|
+
"attack_refs": [
|
|
238
|
+
"T1068",
|
|
239
|
+
"T1548.001"
|
|
240
|
+
],
|
|
241
|
+
"rfc_refs": [
|
|
242
|
+
"RFC-4301",
|
|
243
|
+
"RFC-4303",
|
|
244
|
+
"RFC-7296"
|
|
245
|
+
]
|
|
246
|
+
}
|
|
247
|
+
},
|
|
248
|
+
"CVE-2025-31324": {
|
|
249
|
+
"name": "SAP NetWeaver Visual Composer Metadata Uploader unauthenticated file-upload RCE",
|
|
250
|
+
"rwep": 78,
|
|
251
|
+
"cvss": 10,
|
|
252
|
+
"cisa_kev": true,
|
|
253
|
+
"epss_score": 0.3151,
|
|
254
|
+
"referencing_skills": [
|
|
255
|
+
"kernel-lpe-triage",
|
|
256
|
+
"coordinated-vuln-disclosure"
|
|
257
|
+
],
|
|
258
|
+
"chain": {
|
|
259
|
+
"cwes": [
|
|
260
|
+
{
|
|
261
|
+
"id": "CWE-125",
|
|
262
|
+
"name": "Out-of-bounds Read",
|
|
263
|
+
"category": "Memory Safety"
|
|
264
|
+
},
|
|
265
|
+
{
|
|
266
|
+
"id": "CWE-1357",
|
|
267
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
268
|
+
"category": "Supply Chain"
|
|
269
|
+
},
|
|
270
|
+
{
|
|
271
|
+
"id": "CWE-362",
|
|
272
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
273
|
+
"category": "Concurrency"
|
|
274
|
+
},
|
|
275
|
+
{
|
|
276
|
+
"id": "CWE-416",
|
|
277
|
+
"name": "Use After Free",
|
|
278
|
+
"category": "Memory Safety"
|
|
279
|
+
},
|
|
280
|
+
{
|
|
281
|
+
"id": "CWE-672",
|
|
282
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
283
|
+
"category": "Memory Safety"
|
|
284
|
+
},
|
|
285
|
+
{
|
|
286
|
+
"id": "CWE-787",
|
|
287
|
+
"name": "Out-of-bounds Write",
|
|
288
|
+
"category": "Memory Safety"
|
|
289
|
+
}
|
|
290
|
+
],
|
|
291
|
+
"atlas": [],
|
|
292
|
+
"d3fend": [
|
|
293
|
+
{
|
|
294
|
+
"id": "D3-ASLR",
|
|
295
|
+
"name": "Address Space Layout Randomization",
|
|
296
|
+
"tactic": "Harden"
|
|
297
|
+
},
|
|
298
|
+
{
|
|
299
|
+
"id": "D3-EAL",
|
|
300
|
+
"name": "Executable Allowlisting",
|
|
301
|
+
"tactic": "Harden"
|
|
302
|
+
},
|
|
303
|
+
{
|
|
304
|
+
"id": "D3-PHRA",
|
|
305
|
+
"name": "Process Hardware Resource Access",
|
|
306
|
+
"tactic": "Isolate"
|
|
307
|
+
},
|
|
308
|
+
{
|
|
309
|
+
"id": "D3-PSEP",
|
|
310
|
+
"name": "Process Segment Execution Prevention",
|
|
311
|
+
"tactic": "Harden"
|
|
312
|
+
}
|
|
313
|
+
],
|
|
314
|
+
"framework_gaps": [
|
|
315
|
+
{
|
|
316
|
+
"id": "CIS-Controls-v8-Control7",
|
|
317
|
+
"framework": "CIS Controls v8",
|
|
318
|
+
"control_name": "Continuous Vulnerability Management"
|
|
319
|
+
},
|
|
320
|
+
{
|
|
321
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
322
|
+
"framework": "ISO/IEC 27001:2022",
|
|
323
|
+
"control_name": "Management of technical vulnerabilities"
|
|
324
|
+
},
|
|
325
|
+
{
|
|
326
|
+
"id": "NIS2-Art21-patch-management",
|
|
327
|
+
"framework": "EU NIS2 Directive",
|
|
328
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
329
|
+
},
|
|
330
|
+
{
|
|
331
|
+
"id": "NIST-800-218-SSDF",
|
|
332
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
333
|
+
"control_name": "Secure Software Development Framework"
|
|
334
|
+
},
|
|
335
|
+
{
|
|
336
|
+
"id": "NIST-800-53-SC-8",
|
|
337
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
338
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
339
|
+
},
|
|
340
|
+
{
|
|
341
|
+
"id": "NIST-800-53-SI-2",
|
|
342
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
343
|
+
"control_name": "Flaw Remediation"
|
|
344
|
+
},
|
|
345
|
+
{
|
|
346
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
347
|
+
"framework": "PCI DSS 4.0",
|
|
348
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
349
|
+
},
|
|
350
|
+
{
|
|
351
|
+
"id": "SOC2-CC9-vendor-management",
|
|
352
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
353
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
354
|
+
}
|
|
355
|
+
],
|
|
356
|
+
"attack_refs": [
|
|
357
|
+
"T1068",
|
|
358
|
+
"T1548.001"
|
|
359
|
+
],
|
|
360
|
+
"rfc_refs": [
|
|
361
|
+
"RFC-4301",
|
|
362
|
+
"RFC-4303",
|
|
363
|
+
"RFC-7296"
|
|
364
|
+
]
|
|
365
|
+
}
|
|
366
|
+
},
|
|
367
|
+
"CVE-2025-31161": {
|
|
368
|
+
"name": "CrushFTP HTTP authorization-header authentication bypass (crushadmin takeover)",
|
|
369
|
+
"rwep": 76,
|
|
370
|
+
"cvss": 9.8,
|
|
371
|
+
"cisa_kev": true,
|
|
372
|
+
"epss_score": 0.88937,
|
|
373
|
+
"referencing_skills": [
|
|
374
|
+
"kernel-lpe-triage",
|
|
375
|
+
"coordinated-vuln-disclosure"
|
|
376
|
+
],
|
|
377
|
+
"chain": {
|
|
378
|
+
"cwes": [
|
|
379
|
+
{
|
|
380
|
+
"id": "CWE-125",
|
|
381
|
+
"name": "Out-of-bounds Read",
|
|
382
|
+
"category": "Memory Safety"
|
|
383
|
+
},
|
|
384
|
+
{
|
|
385
|
+
"id": "CWE-1357",
|
|
386
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
387
|
+
"category": "Supply Chain"
|
|
388
|
+
},
|
|
389
|
+
{
|
|
390
|
+
"id": "CWE-362",
|
|
391
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
392
|
+
"category": "Concurrency"
|
|
393
|
+
},
|
|
394
|
+
{
|
|
395
|
+
"id": "CWE-416",
|
|
396
|
+
"name": "Use After Free",
|
|
397
|
+
"category": "Memory Safety"
|
|
398
|
+
},
|
|
399
|
+
{
|
|
400
|
+
"id": "CWE-672",
|
|
401
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
402
|
+
"category": "Memory Safety"
|
|
403
|
+
},
|
|
404
|
+
{
|
|
405
|
+
"id": "CWE-787",
|
|
406
|
+
"name": "Out-of-bounds Write",
|
|
407
|
+
"category": "Memory Safety"
|
|
408
|
+
}
|
|
409
|
+
],
|
|
410
|
+
"atlas": [],
|
|
411
|
+
"d3fend": [
|
|
412
|
+
{
|
|
413
|
+
"id": "D3-ASLR",
|
|
414
|
+
"name": "Address Space Layout Randomization",
|
|
415
|
+
"tactic": "Harden"
|
|
416
|
+
},
|
|
417
|
+
{
|
|
418
|
+
"id": "D3-EAL",
|
|
419
|
+
"name": "Executable Allowlisting",
|
|
420
|
+
"tactic": "Harden"
|
|
421
|
+
},
|
|
422
|
+
{
|
|
423
|
+
"id": "D3-PHRA",
|
|
424
|
+
"name": "Process Hardware Resource Access",
|
|
425
|
+
"tactic": "Isolate"
|
|
426
|
+
},
|
|
427
|
+
{
|
|
428
|
+
"id": "D3-PSEP",
|
|
429
|
+
"name": "Process Segment Execution Prevention",
|
|
430
|
+
"tactic": "Harden"
|
|
431
|
+
}
|
|
432
|
+
],
|
|
433
|
+
"framework_gaps": [
|
|
434
|
+
{
|
|
435
|
+
"id": "CIS-Controls-v8-Control7",
|
|
436
|
+
"framework": "CIS Controls v8",
|
|
437
|
+
"control_name": "Continuous Vulnerability Management"
|
|
438
|
+
},
|
|
439
|
+
{
|
|
440
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
441
|
+
"framework": "ISO/IEC 27001:2022",
|
|
442
|
+
"control_name": "Management of technical vulnerabilities"
|
|
443
|
+
},
|
|
444
|
+
{
|
|
445
|
+
"id": "NIS2-Art21-patch-management",
|
|
446
|
+
"framework": "EU NIS2 Directive",
|
|
447
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
448
|
+
},
|
|
449
|
+
{
|
|
450
|
+
"id": "NIST-800-218-SSDF",
|
|
451
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
452
|
+
"control_name": "Secure Software Development Framework"
|
|
453
|
+
},
|
|
454
|
+
{
|
|
455
|
+
"id": "NIST-800-53-SC-8",
|
|
456
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
457
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
458
|
+
},
|
|
459
|
+
{
|
|
460
|
+
"id": "NIST-800-53-SI-2",
|
|
461
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
462
|
+
"control_name": "Flaw Remediation"
|
|
463
|
+
},
|
|
464
|
+
{
|
|
465
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
466
|
+
"framework": "PCI DSS 4.0",
|
|
467
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
468
|
+
},
|
|
469
|
+
{
|
|
470
|
+
"id": "SOC2-CC9-vendor-management",
|
|
471
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
472
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
473
|
+
}
|
|
474
|
+
],
|
|
475
|
+
"attack_refs": [
|
|
476
|
+
"T1068",
|
|
477
|
+
"T1548.001"
|
|
478
|
+
],
|
|
479
|
+
"rfc_refs": [
|
|
480
|
+
"RFC-4301",
|
|
481
|
+
"RFC-4303",
|
|
482
|
+
"RFC-7296"
|
|
483
|
+
]
|
|
484
|
+
}
|
|
485
|
+
},
|
|
10
486
|
"CVE-2025-30066": {
|
|
11
487
|
"name": "tj-actions/changed-files GitHub Action Supply-Chain Compromise (secret exfiltration to workflow logs)",
|
|
12
488
|
"rwep": 78,
|
|
@@ -80167,6 +80643,7 @@
|
|
|
80167
80643
|
"CVE-2024-7694",
|
|
80168
80644
|
"CVE-2024-8068",
|
|
80169
80645
|
"CVE-2024-8069",
|
|
80646
|
+
"CVE-2025-0282",
|
|
80170
80647
|
"CVE-2025-10035",
|
|
80171
80648
|
"CVE-2025-10164",
|
|
80172
80649
|
"CVE-2025-10585",
|
|
@@ -80192,6 +80669,7 @@
|
|
|
80192
80669
|
"CVE-2025-21043",
|
|
80193
80670
|
"CVE-2025-21479",
|
|
80194
80671
|
"CVE-2025-21480",
|
|
80672
|
+
"CVE-2025-22457",
|
|
80195
80673
|
"CVE-2025-23254",
|
|
80196
80674
|
"CVE-2025-23266",
|
|
80197
80675
|
"CVE-2025-24016",
|
|
@@ -80213,7 +80691,9 @@
|
|
|
80213
80691
|
"CVE-2025-30202",
|
|
80214
80692
|
"CVE-2025-30397",
|
|
80215
80693
|
"CVE-2025-31125",
|
|
80694
|
+
"CVE-2025-31161",
|
|
80216
80695
|
"CVE-2025-31277",
|
|
80696
|
+
"CVE-2025-31324",
|
|
80217
80697
|
"CVE-2025-32432",
|
|
80218
80698
|
"CVE-2025-32433",
|
|
80219
80699
|
"CVE-2025-32434",
|
|
@@ -83073,6 +83553,7 @@
|
|
|
83073
83553
|
"CVE-2024-7694",
|
|
83074
83554
|
"CVE-2024-8068",
|
|
83075
83555
|
"CVE-2024-8069",
|
|
83556
|
+
"CVE-2025-0282",
|
|
83076
83557
|
"CVE-2025-10035",
|
|
83077
83558
|
"CVE-2025-10164",
|
|
83078
83559
|
"CVE-2025-10585",
|
|
@@ -83098,6 +83579,7 @@
|
|
|
83098
83579
|
"CVE-2025-21043",
|
|
83099
83580
|
"CVE-2025-21479",
|
|
83100
83581
|
"CVE-2025-21480",
|
|
83582
|
+
"CVE-2025-22457",
|
|
83101
83583
|
"CVE-2025-23254",
|
|
83102
83584
|
"CVE-2025-23266",
|
|
83103
83585
|
"CVE-2025-24016",
|
|
@@ -83119,7 +83601,9 @@
|
|
|
83119
83601
|
"CVE-2025-30202",
|
|
83120
83602
|
"CVE-2025-30397",
|
|
83121
83603
|
"CVE-2025-31125",
|
|
83604
|
+
"CVE-2025-31161",
|
|
83122
83605
|
"CVE-2025-31277",
|
|
83606
|
+
"CVE-2025-31324",
|
|
83123
83607
|
"CVE-2025-32432",
|
|
83124
83608
|
"CVE-2025-32433",
|
|
83125
83609
|
"CVE-2025-32434",
|
|
@@ -83539,6 +84023,7 @@
|
|
|
83539
84023
|
"CVE-2024-7694",
|
|
83540
84024
|
"CVE-2024-8068",
|
|
83541
84025
|
"CVE-2024-8069",
|
|
84026
|
+
"CVE-2025-0282",
|
|
83542
84027
|
"CVE-2025-10035",
|
|
83543
84028
|
"CVE-2025-10164",
|
|
83544
84029
|
"CVE-2025-10585",
|
|
@@ -83564,6 +84049,7 @@
|
|
|
83564
84049
|
"CVE-2025-21043",
|
|
83565
84050
|
"CVE-2025-21479",
|
|
83566
84051
|
"CVE-2025-21480",
|
|
84052
|
+
"CVE-2025-22457",
|
|
83567
84053
|
"CVE-2025-23254",
|
|
83568
84054
|
"CVE-2025-23266",
|
|
83569
84055
|
"CVE-2025-24016",
|
|
@@ -83585,7 +84071,9 @@
|
|
|
83585
84071
|
"CVE-2025-30202",
|
|
83586
84072
|
"CVE-2025-30397",
|
|
83587
84073
|
"CVE-2025-31125",
|
|
84074
|
+
"CVE-2025-31161",
|
|
83588
84075
|
"CVE-2025-31277",
|
|
84076
|
+
"CVE-2025-31324",
|
|
83589
84077
|
"CVE-2025-32432",
|
|
83590
84078
|
"CVE-2025-32433",
|
|
83591
84079
|
"CVE-2025-32434",
|
|
@@ -84936,6 +85424,7 @@
|
|
|
84936
85424
|
"CVE-2024-7694",
|
|
84937
85425
|
"CVE-2024-8068",
|
|
84938
85426
|
"CVE-2024-8069",
|
|
85427
|
+
"CVE-2025-0282",
|
|
84939
85428
|
"CVE-2025-10035",
|
|
84940
85429
|
"CVE-2025-10164",
|
|
84941
85430
|
"CVE-2025-10585",
|
|
@@ -84961,6 +85450,7 @@
|
|
|
84961
85450
|
"CVE-2025-21043",
|
|
84962
85451
|
"CVE-2025-21479",
|
|
84963
85452
|
"CVE-2025-21480",
|
|
85453
|
+
"CVE-2025-22457",
|
|
84964
85454
|
"CVE-2025-23254",
|
|
84965
85455
|
"CVE-2025-23266",
|
|
84966
85456
|
"CVE-2025-24016",
|
|
@@ -84982,7 +85472,9 @@
|
|
|
84982
85472
|
"CVE-2025-30202",
|
|
84983
85473
|
"CVE-2025-30397",
|
|
84984
85474
|
"CVE-2025-31125",
|
|
85475
|
+
"CVE-2025-31161",
|
|
84985
85476
|
"CVE-2025-31277",
|
|
85477
|
+
"CVE-2025-31324",
|
|
84986
85478
|
"CVE-2025-32432",
|
|
84987
85479
|
"CVE-2025-32433",
|
|
84988
85480
|
"CVE-2025-32434",
|
|
@@ -85894,6 +86386,7 @@
|
|
|
85894
86386
|
"CVE-2024-8069",
|
|
85895
86387
|
"CVE-2024-9526",
|
|
85896
86388
|
"CVE-2025-0133",
|
|
86389
|
+
"CVE-2025-0282",
|
|
85897
86390
|
"CVE-2025-10035",
|
|
85898
86391
|
"CVE-2025-10164",
|
|
85899
86392
|
"CVE-2025-10585",
|
|
@@ -85919,6 +86412,7 @@
|
|
|
85919
86412
|
"CVE-2025-21043",
|
|
85920
86413
|
"CVE-2025-21479",
|
|
85921
86414
|
"CVE-2025-21480",
|
|
86415
|
+
"CVE-2025-22457",
|
|
85922
86416
|
"CVE-2025-23254",
|
|
85923
86417
|
"CVE-2025-23266",
|
|
85924
86418
|
"CVE-2025-24016",
|
|
@@ -85943,7 +86437,9 @@
|
|
|
85943
86437
|
"CVE-2025-30202",
|
|
85944
86438
|
"CVE-2025-30397",
|
|
85945
86439
|
"CVE-2025-31125",
|
|
86440
|
+
"CVE-2025-31161",
|
|
85946
86441
|
"CVE-2025-31277",
|
|
86442
|
+
"CVE-2025-31324",
|
|
85947
86443
|
"CVE-2025-32432",
|
|
85948
86444
|
"CVE-2025-32433",
|
|
85949
86445
|
"CVE-2025-32434",
|
|
@@ -88419,6 +88915,7 @@
|
|
|
88419
88915
|
"CVE-2024-7694",
|
|
88420
88916
|
"CVE-2024-8068",
|
|
88421
88917
|
"CVE-2024-8069",
|
|
88918
|
+
"CVE-2025-0282",
|
|
88422
88919
|
"CVE-2025-10035",
|
|
88423
88920
|
"CVE-2025-10585",
|
|
88424
88921
|
"CVE-2025-11371",
|
|
@@ -88441,6 +88938,7 @@
|
|
|
88441
88938
|
"CVE-2025-21043",
|
|
88442
88939
|
"CVE-2025-21479",
|
|
88443
88940
|
"CVE-2025-21480",
|
|
88941
|
+
"CVE-2025-22457",
|
|
88444
88942
|
"CVE-2025-23254",
|
|
88445
88943
|
"CVE-2025-24016",
|
|
88446
88944
|
"CVE-2025-24201",
|
|
@@ -88463,7 +88961,9 @@
|
|
|
88463
88961
|
"CVE-2025-30202",
|
|
88464
88962
|
"CVE-2025-30397",
|
|
88465
88963
|
"CVE-2025-31125",
|
|
88964
|
+
"CVE-2025-31161",
|
|
88466
88965
|
"CVE-2025-31277",
|
|
88966
|
+
"CVE-2025-31324",
|
|
88467
88967
|
"CVE-2025-32432",
|
|
88468
88968
|
"CVE-2025-32433",
|
|
88469
88969
|
"CVE-2025-32434",
|
|
@@ -90980,5 +91480,19 @@
|
|
|
90980
91480
|
"rfc_refs": []
|
|
90981
91481
|
},
|
|
90982
91482
|
"related_cves": []
|
|
91483
|
+
},
|
|
91484
|
+
"CWE-305": {
|
|
91485
|
+
"name": "Authentication Bypass by Primary Weakness",
|
|
91486
|
+
"category": "Authentication",
|
|
91487
|
+
"referencing_skills": [],
|
|
91488
|
+
"skill_count": 0,
|
|
91489
|
+
"chain": {
|
|
91490
|
+
"atlas": [],
|
|
91491
|
+
"attack_refs": [],
|
|
91492
|
+
"framework_gaps": [],
|
|
91493
|
+
"d3fend": [],
|
|
91494
|
+
"rfc_refs": []
|
|
91495
|
+
},
|
|
91496
|
+
"related_cves": []
|
|
90983
91497
|
}
|
|
90984
91498
|
}
|